TypeScript SDK Reference
Package: @mima-ai/governance · Version: 0.1.x · Node.js: 18+
Building a TypeScript AI agent? You don’t need this SDK. Configure the MCP server in 4 lines and your agent has full governance evidence — no code changes, any language:
Use this SDK when your TypeScript app code calls AI APIs directly — LangChain chains, batch pipelines, CI scripts, or any workflow where you control the call site.
Requires Node.js 18+ for native fetch and crypto. No runtime dependencies.
Client setup
Environment variables
Attestation
mima.wrap() — function wrapper
TypeScript’s equivalent of Python’s @mima.attest() decorator. Takes a function and returns a wrapped version that attests every call.
Parameters
The wrapped function always returns Promise<TReturn>. If the original function was sync, the return type becomes Promise<OriginalReturnType>.
mima.push() — explicit attestation
Use when you have pre-computed hashes (e.g. from a pipeline step with its own hashing).
mima.trace() — manual hash capture
Pass a callback. Call ctx.setInput() / ctx.setOutput() to capture hashes at the right moment.
mima.batch() — buffered bulk push
GRC evidence methods
All GRC methods are async and return Promise<GrcResult>:
mima.aiRiskAssessment()
art5SelfAssessment: true certifies no Art. 5 prohibited practices. Never set without explicit human confirmation.
mima.modelEvaluation()
mima.humanOversight()
mima.trainingDataGovernance()
mima.incidentReport()
mima.accessReview()
mima.changeEvent()
mima.vendorRisk()
mima.policyAcknowledged()
mima.modelDriftEvent()
mima.governanceReview()
Lifecycle
Always call mima.close() at the end of a long-running process or serverless function. It flushes any buffered batch records.
The client also registers process.once('beforeExit', ...) as a safety net.
Signing GRC records
Pass a 32-byte hex key to enable HMAC-SHA256 signing. Every GRC push includes client_sig and client_sig_algo: "hmac-sha256".
The canonical message is cross-compatible with the Python SDK — signatures generated by either SDK verify against each other.
ESM setup
The package is ESM-only. In a CommonJS project, use dynamic import:
For mixed projects, add "type": "module" to your package.json and rename .js files to .mjs as needed.
Error handling
Check for failure without raising:
